« a day earlier August 7, 2008
August 8, 2008
a day later » August 9, 2008

Working Medeco high-security keys can be whittled out of plastic

Researchers at DefCon in Vegas have demonstrated that they can make "high security" Medeco key-blanks out of the plastic used in credit-cards, and then whittle them into working keys by referring to low-resolution photos of original keys.

"Basically, we've destroyed Medeco's key control, because we can make (plastic keys) for any of their M3 locks and a lot of their Biaxial locks, which is their last generation of locks," says Tobias, who authored the book Open in Thirty Seconds, with Bluzmanis.

The researchers demonstrated the technique using a Medeco mortise cylinder that Threat Level purchased in California before leaving for Las Vegas. After buying the lock, Threat Level scanned the key and e-mailed the image to the researchers, who then created several plastic keys. When Threat Level arrived in Las Vegas with the lock, it took about six seconds to open the lock using a plastic key.

"It's keys by e-mail," says Tobias. "It's key-mail."...

The Medeco M3 key does have an extra feature to secure the lock -- a step protrusion on the side of the key that's designed to move a slider inside the lock. But last year at DefCon, Tobias and his colleagues showed how they could simply insert the end of a bent paper clip into a Medeco high-security lock to push back the slider, rendering the slider ineffective as a security layer. Once that is done, they're then able to insert the plastic key in this new attack, to lift and rotate the pins.

Researchers Crack Medeco High-Security Locks With Plastic Keys

(Image: Dave Bullock (eecue)/Wired.com)

 

Pacemakers can be remotely pwned

Kevin Fu (associate prof at UMass Amherst and director of the Medical Device Security Center) gave a Black Hat presentation in Vegas yesterday in which he demonstrated a way of remotely disabling a pacemaker, using open radio technology. It sounds like other implantable devices, like those used for auto-administering drugs, would also be vulnerable to the attack. The attack relies on the fact that the control protocol for these devices does not use any cryptographic security -- that sounds like it'd be easy enough to fix for future models. Not sure how you'd field-patch the 2.6 million devices that have already been... installed to date, though.

A computer acts as a control mechanism for programming the pacemaker so that it can be set to deal with a patient's particular defibrillation needs. Pacemakers administer small shocks to the heart to restore a regular heartbeat. The devices have the ability to induce a fatal shock to a heart.

Fu and Halperin said they used a cheap $1,000 system to mimic the control mechanism. It included a software radio, GNU radio software, and other electronics. They could use that to eavesdrop on private data such as the identity of the patient, the doctor, the diagnosis, and the pacemaker instructions. They figured out how to control the pacemaker with their device.

“You can induce the test mode, drain the device battery, and turn off therapies,” Halperin said.

Translation: you can kill the patient.

Defcon: Excuse me while I turn off your pacemaker, Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses (Thanks, Kiltak!)
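To make the "no cryptographic security" point concrete, here is an added toy model in Python. It is not code from Fu and Halperin's paper and it is not the real pacemaker/ICD telemetry protocol (the actual framing isn't described above); the opcodes, frame layout, shared key and counter scheme are all invented for the illustration. It contrasts a device that obeys any well-formed frame it hears with one that only acts on frames carrying a valid HMAC tag and an increasing counter, and shows what a forged frame, a replayed frame and a legitimate programmer command each get you.

```python
"""Toy model of an unauthenticated vs. an authenticated wireless command
channel. Added example only: NOT the real ICD telemetry protocol and NOT
code from the paper. Every opcode, the frame layout and the key handling
are assumptions constructed for this illustration.
"""
import hashlib
import hmac
import struct

# Hypothetical one-byte opcodes (constructed for this example).
CMD_READ_TELEMETRY = 0x01
CMD_TEST_MODE = 0x02
CMD_DISABLE_THERAPY = 0x03

KEY_LEN = 32   # shared key between programmer and device (assumed)
TAG_LEN = 16   # truncated HMAC-SHA256 tag (assumed)


class UnauthenticatedDevice:
    """Obeys any frame it hears; an attacker with a software radio who
    has learned the frame format can issue any command."""

    def __init__(self):
        self.therapy_enabled = True
        self.log = []

    def receive(self, frame: bytes) -> bool:
        opcode = frame[0]
        self.log.append(opcode)
        if opcode == CMD_DISABLE_THERAPY:
            self.therapy_enabled = False
        return True


class AuthenticatedDevice:
    """Accepts a frame only if its tag is a valid HMAC over
    (opcode || counter) under the shared key, and only if the counter
    is larger than the last one seen (rejects replays)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1
        self.therapy_enabled = True
        self.log = []

    def receive(self, frame: bytes) -> bool:
        if len(frame) != 1 + 4 + TAG_LEN:
            return False
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        opcode = body[0]
        counter = struct.unpack(">I", body[1:5])[0]
        if counter <= self.last_counter:
            return False                      # replayed frame
        self.last_counter = counter
        self.log.append(opcode)
        if opcode == CMD_DISABLE_THERAPY:
            self.therapy_enabled = False
        return True


class Programmer:
    """The legitimate clinic programmer: holds the key, counts up."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def build(self, opcode: int) -> bytes:
        self.counter += 1
        body = bytes([opcode]) + struct.pack(">I", self.counter)
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body + tag


def attack_unauthenticated() -> bool:
    """Attacker sends a bare 'disable therapy' frame. Returns whether
    therapy is still enabled afterwards (it is not)."""
    dev = UnauthenticatedDevice()
    dev.receive(bytes([CMD_DISABLE_THERAPY]))
    return dev.therapy_enabled


def attack_authenticated() -> tuple:
    """Same attacker against the authenticated device. Returns
    (forged accepted?, replay accepted?, real programmer accepted?,
    therapy still enabled?)."""
    key = b"\x11" * KEY_LEN                  # constructed demo key
    dev = AuthenticatedDevice(key)
    prog = Programmer(key)
    legit = prog.build(CMD_READ_TELEMETRY)
    dev.receive(legit)                        # normal clinic traffic
    # Forgery: right opcode and a plausible counter, but no key for the tag.
    forged = bytes([CMD_DISABLE_THERAPY]) + struct.pack(">I", 99) + b"\x00" * TAG_LEN
    forged_ok = dev.receive(forged)
    # Replay: re-send a frame captured from the real programmer.
    replay_ok = dev.receive(legit)
    # The real programmer can still issue the dangerous command.
    real_ok = dev.receive(prog.build(CMD_DISABLE_THERAPY))
    return (forged_ok, replay_ok, real_ok, dev.therapy_enabled)
```

Two caveats the model makes visible. First, it only covers integrity and replay: the frames are still in the clear, so the eavesdropping Fu and Halperin describe (patient identity, diagnosis, settings) would need encryption on top. Second, the device still burns energy verifying every forged tag, so a MAC alone does nothing about the battery-draining attack; that is the problem the "zero-power defenses" in the paper's title address. And the shared key has to be provisioned into each implant, which is exactly why the devices already in people's chests can't simply be patched.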
 

Flying wing casemod


These Swiss casemodding overclockers have a sweet gallery of a case that looks like an old flying wing aircraft. Looks like it'd get good airflow, too. Gernsback Continuum Casemod (Thanks, James!)
 

Creative things to do with junkmail

ProQuo's Top 10 Creative Responses To Junk Mail has lots of good ideas for meatspace spam (making venetian blinds is a particularly good one). My favorite junkmail hack is to just write DECEASED on the envelope and put it back in the mail. Top 10 Creative Responses To Junk Mail (via Craft)
 

FBI to reporters: we snooped on your phone records.

The FBI disclosed today that it had "improperly obtained" phone records of reporters at the Indonesia bureaus for the New York Times and Washington Post in 2004.
Robert S. Mueller III, director of the F.B.I., disclosed the episode in a phone call to Bill Keller, the executive editor of The Times, and apologized for it. He also spoke with Leonard Downie Jr., the executive editor of The Washington Post, to apologize. F.B.I. officials said the incident came to light as part of the continuing review by the Justice Department inspector general’s office into the bureau’s improper collection of telephone records through “emergency” records demands issued to phone providers. The records were apparently sought as part of a terrorism investigation, but the F.B.I. did not explain what was being investigated or why the reporters’ phone records were considered relevant.
F.B.I. Says It Obtained Reporters’ Phone Records (NYT)
 

Recently at Boing Boing Gadgets


Recently at Boing Boing Gadgets, we saw a powerful point-and-shoot from Nikon, a backlit coaster, a remote controlled robot zombie, and a demented erotic chess set.

There was a pretty engraved MacBook Pro, a beautiful retro handset from Sony Ericsson (and a handheld PC design fantasy we based on it), and a cyborg goatee shaving guard. Some hackers got kicked out of a hacking conference for hacking, and Lotus wants to make hybrid cars noisier.

John spotted a great handheld SNES, General Electric's television of today from 1978 — "Do you have a seraglio of a thousand slaves to help you lift it out of the store?" — and found a forest nymph to be the light of his life.

Rob found a $1,975 set of energy phase-correcting wooden blocks for audiophiles, imagined what Ikea's cell phone might look like, and wondered why everything ever is "stylish and elegant." Then he was struck on the head by a bad-assed 3lb heavyweight tape dispenser.

Finally, before you hit the weekend, check out our gallery of 101 Classic Computer Ads.

 

John Kricfalusi's presidential candidate toys


John Kricfalusi alerted me to these hilarious toys he designed depicting the presidential candidates. John Kricfalusi's presidential candidate toys

 

Tell Congress to rein in DHS travel abuses


The ACLU has set up a form that makes it easy to tell Congress to overhaul the broken terrorist watch list and to require reasonable suspicion for electronic searches at the border.

With no suspicion and no explanation, the U.S. government can seize your laptop, cell phone, or PDA as you enter the United States and download all your private information -- including your personal and business documents, emails, phone calls, and web history. The Department of Homeland Security confirms that this is the official policy.

What happens if you refuse to let the agents download your personal photos? Or if you have encrypted your private information? Then Border Patrol -- which is now an agency of the Department of Homeland Security -- can simply copy your entire hard drive or even take your device and hang on to it indefinitely.

Unfortunately, seizing laptops and cameras at the border isn’t the only travel security measure that infringes on our civil liberties.

Just last month, the U.S. government's "terrorist watch list" surpassed one million names and is growing by over twenty-thousand names per month. The watch list includes the names of prominent people, like Senator Ted Kennedy (D-MA), plus hundreds of thousands of ordinary Americans -- many of them with common names like Robert Johnson and James Robinson. Your name might be on the list, but there's no way to know for sure until you are delayed -- or even detained for hours in a back room. If you discover your name is on the list, it's nearly impossible to get off. It actually took an Act of Congress to get Nelson Mandela off the list. No joke. An Act of Congress.

These abuses have something in common: They make all of us into suspects, with no rule of law and no accountability.

Tell Congress to rein in DHS travel abuses (ACLU)
 

Teaser video for Craft, Vol 8


Volume 8 of CRAFT, sister publication to MAKE, is on stands now. Here's the teaser video.

 

Remotely control surveyor bots over the web


Inertia-Labs makes these cool little surveyor robot kits. The BP Explorer site in Australia built a miniature city and populated it with five surveyor bots you can control over the Web. BP Explorer

 

Dimple doll Kleenex cover a "decorator's dream!"


Thanks in advance for the nightmare, Kitschy Kitschy Coo.

 

Brave New World as a pulp novel


Not as crazy as the pulp treatment for Orwell's 1984 that Cory found, this silly cover for Aldous Huxley's Brave New World is still worth a gander.

Brave New World pulp exploitation paperback (via Hang Fire Books)

 

Dog cloner suspected to be kidnapper of Mormon missionary sex slave in 1978


Bernann McKinney from California paid a South Korean cloning lab £25,000 to make a duplicate of her dear departed pitbull Booger from a piece of the dog's ear tissue. When the story hit the news with photos of McKinney, many people in the UK said Bernann McKinney looks an awful lot like an infamous fugitive named Joyce McKinney who has been on the lam for 30 years.

In 1978, Joyce McKinney jumped bail and disappeared after being charged with kidnapping a 17-stone male Mormon missionary, whom she had chained to a Devon cottage bed with mink handcuffs and forced to have sex.

At the time, she famously said of her victim: 'I loved him so much that I would ski naked down Mount Everest with a carnation up my nose if he asked me to.'

Were these two blonde, American, dog-loving and, yes, quite possibly barking mad, Miss McKinneys one and the same person?

A cloned dog, a Mormon in mink-lined handcuffs and a tantalising mystery (Daily Mail)
 

Fingerprint test reveals if owner has touched drugs, explosives, and poisons

In today's edition of the journal Science, R. Graham Cooks, a professor of chemistry at Purdue University, describes a mass spectrometry technique that tests fingerprints to learn what the person has been touching, including drugs, explosives, and poisons.
Because the spatial resolution is on the order of the width of a human hair, the Desi technique did not just detect the presence of, for instance, cocaine on the surface, but literally showed a pattern of cocaine in the shape of the fingerprint, leaving no doubt who had left the cocaine behind.
Fingerprint test tells much more than identity (IHT)
 

Serialization of The Deal, Chapter 10

My friend Joe Hutsko contacted me with the intriguing offer to serialize his novel, The Deal, on Boing Boing. I jumped at the chance. I read The Deal when it first came out in 1999 and loved the thrilling story about an Apple-like company's undertaking to create an iPhone-like device.

Here's a link to Chapter 10 as a PDF or a text file. (Here's chapter 1 and an introduction to the book, and here are the previous chapters)

To buy a paperback copy of the book, visit JOEyGADGET or purchase directly from Amazon.

 

California Supreme Court: Non-compete clauses are not enforceable

The California State Supreme Court has ruled that non-compete clauses in employment contracts are not enforceable in California. I'm reminded of the study from the Duke Center for the Public Domain that concluded that the reason that the tech corridor on Route 128 near Boston had grown so much more slowly than Silicon Valley was that Massachusetts has enforceable non-competes, while California does not. The researcher concluded that in California, the best talent moved to the best companies, while on Route 128, crummy companies could lock up great people for years at a time through non-compete agreements.

Note that none of this invalidates confidentiality agreements -- you're still not allowed to disclose secrets -- but you're allowed to work for whomever will hire you, without the cold dead hand of your last boss tugging on your belt.

Californians have the right to move from one company to another or start their own business and can't be prohibited by their employer from working for a competitor in their next job, the state Supreme Court ruled Thursday.

In a unanimous decision, the justices said state law since 1872 has forbidden what are called noncompete clauses that restrict management employees' options after they leave a company.

State Supreme Court rejects noncompete clauses (via /.)
 

Raw data from the spy-badges at HOPE hackercon

At this year's HOPE hackercon in NYC, participants were asked to wear RFID-enabled badges that followed them around and spied on them as part of the Attendee Meta-Data (AMD) project. Now the project has released the data it gathered, as well as the sourcecode for the devices and their readers.
The AMD social networking site lets visitors "tag" themselves based on a diverse set of interests. Old-school hackers, network security experts, cryptographers, political activists, law geeks, lockpickers, reverse engineers, bloggers, privacy advocates, and far more—visitors can label themselves with multiple interests, to become discoverable by fellow visitors from around the world with similar interests, in the same room or across the building. Attendees can then use email or text messages to "ping" the people they discover on the site—new contacts and old friends alike.
The AMD Project (Thanks, Aestetix!)

See also: RFID badges at HOPE hackercon form automatic social nets and irony

 

World of Developmentcraft: academic paper on gold farming as a development activity in poor countries

On Salon, Andrew Leonard ruminates on a new paper that tries to analyze gold farming (doing repetitive in-game tasks to earn money that is sold to players) in terms of international development. Richard Heeks's (University of Manchester) new paper "Current Analysis and Future Research Agenda on "Gold Farming": Real-World Production in Developing Countries for the Virtual Economies of Online Games" is the first paper to explore gold farming from a development perspective, and as the title suggests, it is mostly a literature review and an attempt to define the areas for future research on the topic.

This was a pure-gold find for me, as I'm working on a young adult novel called For the Win that expands my story Anda's Game (about union organizers who sign up gold farmers in the developing world), and I've been reading everything I can get my hands on about gold farming. Heeks's paper is absolutely enthralling (for me, at least), a very broad and thorough survey of what we know, what we think we know and what we definitely don't know about gold farming -- it was even worth putting up with the world's least readable typeface (though it gave me a splitting headache). (Coincidentally, Andrew Leonard is the Salon editor who bought and published Anda's Game in the first place).


Continuing survival of the sub-sector also relies on overcoming some severe information failures – absence, uncertainty, asymmetry, and communication problems. These have produced many examples of both opportunism and adverse selection, with trading bringing uncertainty, risk and negative consequences. As expected, these seem likely to have suppressed real-money trading well below its "natural" level, and to have induced sellers into (potentially-hollow) assertions about their trustworthiness. Because of its virtuality, though, real-money trading has seen only a little of the localisation and intermediation one might otherwise expect in the presence of such information failures.

Thirdly, continuing survival of gold farming relies on dealing with the many threats it faces. Some of these are business-generic such as ease of entry intensifying competition, or rising labour costs. Others are business-specific but just a low-level nuisance such as character killing or account and IP banning or fraud. Others still – patching, game redesign and marketing channel blocks – require constant innovation to stay one step ahead. And a final category is much more serious such as game company substitution or legal action by governments or game companies. Game companies probably take such action through a mix of economic, moral and personal in-game experience rationales. But one must recognise that gold farming brings benefits to these companies, while action against gold farming brings both anticipated and perhaps unanticipated costs.

World of development economics Warcraft, Current Analysis and Future Research Agenda on "Gold Farming": Real-World Production in Developing Countries for the Virtual Economies of Online Games (PDF) (Thanks, Patrick!)
 

BBtv: TCHO Chocolate, pt. 3 -- The Taste Test Trip.


In this final installment of our TCHO Chocolate trilogy, Xeni and Pesco go on a magical mystery taste test tour -- think Willy Wonka meets The Trip. Former NASA software developer Timothy Childs founded the tech-minded chocolate company, and was joined by WIRED co-founder Louis Rossetto.

In previous BBtv episodes we learned about the hacked-together, home-tinkered machines and high-tech wizardry that keep their factory humming.

Today we dive in to the genetics of chocolate plants, and the hedonics -- the tasting experience -- of the finished product, where science meets sensuality meets sugar.

Oh hell, who are we kidding, you guys? We sat around and GOT HIGH on neuroactive cocoa alkaloids. We freebased theobromine and we LIKED IT. We liked it a LOT.

Warning: this episode is NSFC (not safe for chocoholics).


Link to Boing Boing tv blog post with viewer discussion, downloadable video, and podcast subscribe instructions.

Previously on Boing Boing tv:
* TCHO, part 1: chocolate origins.
* TCHO, part 2: magical machines, mysterious molecules.

Related: read a feature about TCHO by David Pescovitz in the current issue of MAKE Magazine, Timothy and the Chocolate Factory.

Here are some iPhone snapshots from Xeni on Flickr: TCHO, Boing Boing tv.


(Special thanks to Amy Critchett, and Wayne & Breanna)

 

Perineum-crushing bike seats give cycle cops "penile numbness" and erectile dysfunction

A study by Dr. Steven Schrader of the National Institute for Occupational Safety and Health in Cincinnati and others concluded that the "nose" of a bicycle seat was implicated in "penile numbness" and erectile dysfunction in bicycle cops. It's been a decade since I was a regular cyclist, but I'm here to tell you that the "perineal discomfort" of a bike seat was no fun at all.
“For the first time, we have a prospective study of healthy policemen riding bikes on the job, using wider, no-nose bike saddles for 6 months. Not only did their sensation improve, their erectile function also improved. Changing saddles changed physiology. This is a landmark study for our field that is important for future riders, and modification of lifestyle showing improvement without any active treatment.”
No-nose Bicycle Saddles Improve Penile Sensation And Erectile Function In Bicycling Police Officers
 

Controlling copies isn't necessarily part of an artist's livelihood, but getting them accurately attributed is

Danny O'Brien's new essay "Copyright, Fraud and Window Taxes (No, not that Windows)" makes a really good point about the way that people view copying on the Internet: copying is a ho-hum, everyday thing (after all, in order for you to read these words, they had to be copied dozens, if not hundreds, of times) but "passing off" (plagiarism, fraud) is more frowned-upon than ever.
Copying is important in the process of creative remuneration, I feel, because it used to be an excellent tapping point from which to extract value and distribute it back to the creator. Copying cost money, and the only reason you'd do it would be to sell the produced copy for cash. Therefore, it was a perfect statutory location to place a money-pipe back to the artist. Matters blurred when radio broadcasts and performance rights came along, but fortunately the term "copying" could still be stretched to cover these events without anyone feeling too uncomfortable. It always took money and effort to make a copy: costs that you'd almost always only pursue for commercial gain.

In a digital world, many people don't see the act of copying as a particularly momentous or profitable event. Copying isn't what we do as an act of purchasing; copying is a thing we do to our valuable artifacts. People are scandalised when it's suggested that you should pay for a copy copied to backup drives, or iPods; they're amazed when vested interests demand that cached copies or transitory files should count as extra purchases. Copying is no longer a good proxy for incoming revenue; which means it is no longer a good place to extract remuneration...

Nowadays, copying isn't always the core part of remunerative creative business. But accurate accreditation very much is.

I'm reminded of the fact that the original Creative Commons license allowed creators to choose whether they wanted their works attributed to them or not, but after a year or two, it was discovered that nearly every CC user turned the attribution switch on while generating the license -- everyone wanted correct attribution, even when they were giving away free copies. Copyright, Fraud and Window Taxes (No, not that Windows)
 

Stonehenge robot clock arm tells time by arranging little cards


The Stonehenge Robotic Clock from Norris Labs is a robot arm that tells time by plucking numbered cards from an array around its body, setting them down in front of itself, waiting, then doing it again with fresh cards. Depending on the time-change, it can take more than a minute to advance by one minute -- the robot knows this, so it skips those minutes and jumps straight to the next one, timing its motions to finish the advance right on the dot. Stonehenge - A Robotic Digital Clock (via Make)
 

Animatronic zombie that rises out of your garden and chases people, dragging its entrails


The Fright Catalog's Dead Fred runs on two 12V batteries and sports four separate motors that allow it to sense passers-by, rise up out of the earth and chase them, howling and growling and dragging its entrails behind it. It's $2650, so it's a little pricey for Hallowe'en, but that sum does compare favorably with the total cost of ownership for a pet dog or cat, so when the kids start complaining that they need a companion who'll follow them around and do tricks, this might be a good choice. Dead Fred Zombie Chaser (via DVice)
 